[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2015:0377 -- centos 7 libfreehand

ID: oval:org.secpod.oval:def:204222Date: (C)2017-04-04   (M)2023-02-20
Class: PATCHFamily: unix




LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros. A flaw was found in the OLE generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution. A use-after-free flaw was found in the Remote Control capabilities of the LibreOffice Impress application. An attacker could use this flaw to remotely execute code with the permissions of the user running LibreOffice Impress. The libreoffice packages have been upgraded to upstream version 4.2.6.3, which provides a number of bug fixes and enhancements over the previous version. Among others: * Improved OpenXML interoperability. * Additional statistic functions in Calc . * Various performance improvements in Calc. * Apple Keynote and Abiword import. * Improved MathML export. * New Start screen with thumbnails of recently opened documents. * Visual clue in Slide Sorter when a slide has a transition or an animation. * Improvements for trend lines in charts. * Support for BCP-47 language tags. All libreoffice users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

Platform:
CentOS 7
Product:
libfreehand
Reference:
CESA-2015:0377
CVE-2014-0247
CVE-2014-3575
CVE-2014-3693
CVE    3
CVE-2014-0247
CVE-2014-3693
CVE-2014-3575
CPE    2
cpe:/a:libreoffice:libfreehand
cpe:/o:centos:centos:7

© SecPod Technologies